问题描述
我认为很多开发者都在尝试更多地了解在 2017 年 Google I/O 上展示的新的 Google Play 应用签名功能.
存储密钥库以对 Google Play 内的应用程序进行签名的能力可以节省您安全存储密钥库的工作量,并且可以帮助系统根据硬件和操作系统特性优化为每台设备提供的 APK.
您可以在此处的官方文档中阅读有关此主题的更多信息:
接受应用签名服务条款.
第 1 步:点击与下图相同的按钮下载 PEPK 工具
第 2 步:打开终端并输入:
<块引用>java -jar PATH_TO_PEPK --keystore=PATH_TO_KEYSTORE--alias=ALIAS_YOU_USE_TO_SIGN_APK --output=PATH_TO_OUTPUT_FILE --encryptionkey=GOOGLE_ENCRYPTION_KEY
传说:
- PATH_TO_PEPK = 您在步骤 1 中下载的 pepk.jar 的路径,可能类似于
C:UsersYourNameDownloadspepk.jar
适用于 Windows 用户. - PATH_TO_KEYSTORE = 用于签署发行版 APK 的密钥库的路径.可以是 *.keystore 或 *.jks 类型的文件或不带扩展名的文件.类似
C:Androidmykeystore
或C:Androidmykeystore.keystore
等... - ALIAS_YOU_USE_TO_SIGN_APK = 您用于签署发行版 APK 的别名.
- PATH_TO_OUTPUT_FILE = 扩展名为 .pem 的输出文件的路径,类似于
C:Androidprivate_key.pem
- GOOGLE_ENCRYPTION_KEY = 此加密密钥应始终相同.您可以在 App Signing 页面中找到它,复制并粘贴它.应该是这样的形式:
eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd4b>code
例子:
<块引用>java -jar "C:UsersYourNameDownloadspepk.jar"--keystore=C:Androidmykeystore"--alias=myalias --output=C:Androidprivate_key.pem"--encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9dea
6按Enter,您需要按顺序提供:
- 密钥库密码
- 别名密码
如果一切顺利,您现在将在 PATH_TO_OUTPUT_FILE 文件夹中有一个名为 private_key.pem
的文件.
第 3 步:点击与下图相同的按钮上传 private_key.pem 文件
第 4 步:使用 Android Studio 创建一个新的密钥库文件.
<块引用>您未来将需要此密钥库来签署您的应用程序,不要忘记密码
打开您的一个 Android 项目(随机选择一个).转到构建 ->生成签名的 APK 并按新建.
现在您应该填写必填字段.
<块引用>密钥库路径代表您将创建的新密钥库,使用右侧的 3 点图标选择文件夹和名称,我选择 C:Androidupload_key.jks
(.jks 扩展名会自动添加)
<块引用>
注意:我使用 upload
作为新的别名,但如果您之前使用具有不同别名的相同密钥库来签署不同的应用程序,您应该选择之前在原始密钥库中使用的相同别名.
完成后按 OK,现在您将拥有一个新的 upload_key.jks
密钥库.您现在可以关闭 Android Studio.
第 5 步:我们需要从新创建的 upload_key.jks
密钥库中提取上传证书.打开终端并输入:
keytool -export -rfc -keystore UPLOAD_KEYSTORE_PATH -alias UPLOAD_KEYSTORE_ALIAS-file PATH_TO_OUTPUT_FILE
传说:
- UPLOAD_KEYSTORE_PATH = 您刚刚创建的上传密钥库的路径.在这种情况下是
C:Androidupload_key.jks
. - UPLOAD_KEYSTORE_ALIAS = 与上传密钥库关联的新别名.在这种情况下是
上传
. - PATH_TO_OUTPUT_FILE = 扩展名为 .pem 的输出文件的路径.
C:Androidupload_key_public_certificate.pem
之类的东西.
例子:
<块引用>keytool -export -rfc -keystore "C:Androidupload_key.jks"-别名上传-文件C:Androidupload_key_public_certificate.pem"
按 Enter 键,您需要提供密钥库密码.
现在,如果一切正常,您将在 PATH_TO_OUTPUT_FILE 文件夹中拥有一个名为 upload_key_public_certificate.pem
的文件.
第 6 步:上传 upload_key_public_certificate.pem
文件,点击与下图相同的按钮
第 7 步:点击应用签名页面末尾的 ENROLL 按钮.
现在每个新发布的 APK 都必须使用 upload_key.jks
密钥库和在第 4 步中创建的别名进行签名,然后才能上传到 Google Play 开发者控制台.
更多资源:
- 关于 Google Play 应用签名的 Google 文档
- 在您丢失上传密钥库时请求重置的表单
问答
问:当我上传使用新的 upload_key 密钥库签名的 APK 时,Google Play 显示如下错误:您上传了未签名的 APK.您需要创建一个签名的 APK.
答:在构建发布版 APK 时,检查以使用两个签名(V1 和 V2)对 APK 进行签名.阅读此处了解更多详情.
更新
第 4、5、6 步是创建上传密钥,对于现有应用程序是可选的
"上传密钥(现有应用程序可选):您在注册程序期间生成的新密钥.您将使用上传密钥对所有未来的 APK 进行签名,然后再将它们上传到 Play 管理中心."https://support.google.com/googleplay/android-developer/answer/7384423
I think a lot of developers are trying to learn more about the new Google Play App Signing feature presented at Google I/O 2017.
The ability to store the keystore to sign the apps inside Google Play save you the effort to safely store the keystore and can help the system to optimize the APKs served to every device, based on hardware and OS characteristics.
You can read more about this topic in the official documentation here : https://developer.android.com/studio/publish/app-signing.html#google-play-app-signing.
With the following answer, i will explain a bit better the steps you need to follow to upload your original keystore and how to create the new upload keystore, which you will need to sign your APK from this point onwards.
Before proceeding watch this Android Developers video to understand the implications of your App Signing enrollment choice: https://youtu.be/odv_1fxt9BI
This guide is oriented to developers who already have an application in the Play Store. If you are starting with a new app the process it's much easier and you can follow the guidelines of paragraph "New apps" from here
Prerequisites that 99% of developers already have :
Android Studio
JDK 8 and after installation you need to setup an environment variable in your user space to simplify terminal commands. In Windows x64 you need to add this :
C:Program FilesJava{JDK_VERSION}in
to thePath
environment variable. (If you don't know how to do this you can read my guide to add a folder to the Windows 10Path
environment variable).
Step 0: Open Google Play developer console, then go to Release Management -> App Signing.
Accept the App Signing TOS.
Step 1: Download PEPK Tool clicking the button identical to the image below
Step 2: Open a terminal and type:
java -jar PATH_TO_PEPK --keystore=PATH_TO_KEYSTORE --alias=ALIAS_YOU_USE_TO_SIGN_APK --output=PATH_TO_OUTPUT_FILE --encryptionkey=GOOGLE_ENCRYPTION_KEY
Legend:
- PATH_TO_PEPK = Path to the pepk.jar you downloaded in Step 1, could be something like
C:UsersYourNameDownloadspepk.jar
for Windows users. - PATH_TO_KEYSTORE = Path to keystore which you use to sign your release APK. Could be a file of type *.keystore or *.jks or without extension. Something like
C:Androidmykeystore
orC:Androidmykeystore.keystore
etc... - ALIAS_YOU_USE_TO_SIGN_APK = The name of the alias you use to sign the release APK.
- PATH_TO_OUTPUT_FILE = The path of the output file with .pem extension, something like
C:Androidprivate_key.pem
- GOOGLE_ENCRYPTION_KEY = This encryption key should be always the same. You can find it in the App Signing page, copy and paste it. Should be in this form:
eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a
Example:
java -jar "C:UsersYourNameDownloadspepk.jar" --keystore="C:Androidmykeystore" --alias=myalias --output="C:Androidprivate_key.pem" --encryptionkey=eb10fe8f7c7c9df715022017b00c6471f8ba8170b13049a11e6c09ffe3056a104a3bbe4ac5a955f4ba4fe93fc8cef27558a3eb9d2a529a2092761fb833b656cd48b9de6a
Press Enter and you will need to provide in order:
- The keystore password
- The alias password
If everything has gone OK, you now will have a file in PATH_TO_OUTPUT_FILE folder called private_key.pem
.
Step 3: Upload the private_key.pem file clicking the button identical to the image below
Step 4: Create a new keystore file using Android Studio.
YOU WILL NEED THIS KEYSTORE IN THE FUTURE TO SIGN THE NEXT RELEASES OF YOUR APP, DON'T FORGET THE PASSWORDS
Open one of your Android projects (choose one at random). Go to Build -> Generate Signed APK and press Create new.
Now you should fill the required fields.
Key store path represent the new keystore you will create, choose a folder and a name using the 3 dots icon on the right, i choosed
C:Androidupload_key.jks
(.jks extension will be added automatically)
NOTE: I used
upload
as the new alias name but if you previously used the same keystore with different aliases to sign different apps, you should choose the same aliases name you had previously in the original keystore.
Press OK when finished, and now you will have a new upload_key.jks
keystore. You can close Android Studio now.
Step 5: We need to extract the upload certificate from the newly created upload_key.jks
keystore.
Open a terminal and type:
keytool -export -rfc -keystore UPLOAD_KEYSTORE_PATH -alias UPLOAD_KEYSTORE_ALIAS -file PATH_TO_OUTPUT_FILE
Legend:
- UPLOAD_KEYSTORE_PATH = The path of the upload keystore you just created. In this case was
C:Androidupload_key.jks
. - UPLOAD_KEYSTORE_ALIAS = The new alias associated with the upload keystore. In this case was
upload
. - PATH_TO_OUTPUT_FILE = The path to the output file with .pem extension. Something like
C:Androidupload_key_public_certificate.pem
.
Example:
keytool -export -rfc -keystore "C:Androidupload_key.jks" -alias upload -file "C:Androidupload_key_public_certificate.pem"
Press Enter and you will need to provide the keystore password.
Now if everything has gone OK, you will have a file in the folder PATH_TO_OUTPUT_FILE called upload_key_public_certificate.pem
.
Step 6: Upload the upload_key_public_certificate.pem
file clicking the button identical to the image below
Step 7: Click ENROLL button at the end of the App Signing page.
Now every new release APK must be signed with the upload_key.jks
keystore and aliases created in Step 4, prior to be uploaded in the Google Play Developer console.
More Resources:
- Google documentation on Google Play App Signing
- Form to request the reset of your upload keystore if you lose it
Q&A
Q: When i upload the APK signed with the new upload_key keystore, Google Play show an error like : You uploaded an unsigned APK. You need to create a signed APK.
A: Check to sign the APK with both signatures (V1 and V2) while building the release APK. Read here for more details.
UPDATED
The step 4,5,6 are to create upload key which is optional for existing apps
"Upload key (optional for existing apps): A new key you generate during your enrollment in the program. You will use the upload key to sign all future APKs prior to uploading them to the Play Console." https://support.google.com/googleplay/android-developer/answer/7384423
这篇关于如何启用 Google Play 应用签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!